<?php

/*****************************************************************************
 * 
 *  Copyright 2009 Sylvain Dudoit (contact : sylvain.dudoit at gmail.com)
 *  
 *  This file is part of Poupitchi.
 *
 *  Poupitchi is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  Poupitchi is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with Poupitchi.  If not, see <http://www.gnu.org/licenses/>.
 *
 *****************************************************************************/


/**    
 * Add a new user
 * 
 * @param $login
 * @param $password
 * @param $email
 * @param $face
 * @param $fname
 * @param $lname
 * @return unknown_type
 */
function addUser($login, $password="", $email="", $fname="", $lname="") {
    global $P_DATA;
    global $P_ADMIN;
    if ($P_ADMIN) {
	    $login = trim($login);
	    if ($login === "") {
	    		sError(tr("Login is empty !"));
	        return;
	    }
	    if (($login === "admin") || (!checkFilename($login.".php"))) {
	    		sError(tr("Login not allowed !"));
	        return;
	    }
	    if (file_exists($P_DATA."users/".$login.".php")) {
	    		sError(tr("Login already exists !"));
	    		return;	
	    }
	    $user = array(
	        "login" => $login,
	        "password" => md5($password),
	        "email" => secstr($email),
	        "fname" => secstr($fname),
	        "lname" => secstr($lname)
	    );
	    if (!file_put_contents($P_DATA."/users/".$login.".php", serializeWithMask($user))) {
	    		sError(tr("Can't save user file !"));
	    }
    } else {
    	sError(tr("Action not allowed !"));
    }
}

/**
 * Remove a user
 * 
 * @param $login
 * @return unknown_type
 */
function removeUser($login) {
    global $P_DATA;
    global $P_ADMIN;
    if ($P_ADMIN) {
	    $file = $login.".php";
			if (checkFilename($file)) {
		    if (!unlink($P_DATA."/users/".$file)) {
	      	sError(tr("Can't remove user file !"));
	   		}
			} else {
		  	sError(tr("Invalid file name : ").$file." !");	  	
		  }
    } else {
    	sError(tr("Action not allowed !"));
    }
}

/**
 * Check for user authentication
 * 
 * @param $login
 * @param $password
 * @return unknown_type
 */
function checkUser($login, $password) {
    global $P_DATA;
    if ($login === "admin") {
    		$admin = unserializeWithMask(file_get_contents($P_DATA."/adminpass.php")); 
        if (md5($password) === $admin['password']) {
            return true;
        }
    } else {
	    $users = getUsers();
	    $pwmd5 = md5($password);
	    foreach ($users as $user) {
	        if (($login === $user['login']) && ($pwmd5 === $user['password'])) {
	            return true;
	        }
	    }
    }
    return false;
}

/**
 * Get a user by login
 * 
 * @param $login
 * @return unknown_type
 */
function getUser($login) {
    global $P_DATA;
    if ($login !== "admin") {
	    $user = unserializeWithMask(file_get_contents($P_DATA."/users/".$login.".php")); 
	    if ($user == false) {
	    	  sError(tr("Can't find user !"));
	    	  return false;
	    } else {
	    	  return $user;
	    }  
	  }
}

/**
 * Set users data
 * 
 * @param $post
 * @return unknown_type
 */
function setUser(&$post) {
    global $P_DATA;
    global $P_USER;
    $user = getUser($P_USER);
    if ($user) {
	    $user['fname'] = secstr($post['fname']); 
	    $user['lname'] = secstr($post['lname']); 
	    $user['email'] = secstr($post['email']); 
	    $user['addresses'] = secstr($post['addresses']); 
	    $user['phones'] = secstr($post['phones']); 
	    $user['others_emails'] = secstr($post['others_emails']); 
	    $user['im_accounts'] = secstr($post['im_accounts']); 
	    $user['websites'] = secstr($post['websites']); 
	    $user['date'] = time(); 
	    if (!file_put_contents($P_DATA."/users/".$user['login'].".php", serializeWithMask($user))) {
	    	  sError(tr("Can't save user profile !"));
	    }
    }
}

/**
 * Change password for user
 */
function changePassword($login, $newpassword, $confirmpassword) {
		global $P_DATA;
		global $P_USER;
		if ($P_USER === $login) {
		  if ($newpassword !== $confirmpassword) {
		  	sError(tr("Bad confirmation of password !"));
		  } else {
		  	if ($login === "admin") {
		  		$admin = array("password" => md5($newpassword));
			  	if (!file_put_contents($P_DATA."/adminpass.php", serializeWithMask($admin))) {
			    	  sError(tr("Can't save admin password !"));
			    }
		  	} else {
			  	$user = getUser($login);
		    	if ($user) {
		    		$user['password'] = md5($newpassword);
		    		if (!file_put_contents($P_DATA."/users/".$login.".php", serializeWithMask($user))) {
			    	  sError(tr("Can't save user profile !"));
			    	}
		    	}
		  	}
		  }
		} else {
    	sError(tr("Action not allowed !"));
    }
}


/**
 * Count the number of users
 * 
 * @return unknown_type
 */
function countUsers() {
    return count(getUsers());
}

/**
 * Get a users list
 * 
 * @param $number
 * @param $start
 * @return unknown_type
 */
function getUsers($number=-1, $start=0) {
    global $P_DATA;
    $files = getDirList($P_DATA."/users/", $number, $start);
    $users = array();
    foreach($files as $file) {
        $users[] = unserializeWithMask(file_get_contents($P_DATA."/users/".$file));
    }
    return $users;
}

?>